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I GENERICALLY PROVISIONING AN APPLIANCE 

2 

3 Background of the Invention 

4 Related Applications 

5 This invention disclosed herein may be used in conjunction with another of our inventions, 

6 which we have disclosed in co-pending application entitled "Method for Deriving a Network Name", 

7 and/or with another of our inventions, which we have disclosed in co-pending application entitled 

8 "Authentication Protocol". 
9 

10 Technical Field of the Invention 

I I The present invention relates generally to loading software onto data processing systems and 
12 to network communications, and more specifically to a method for generically provisioning a client 
1A system to work with any of a plurality of specific server environments upon initial connection to one 
iff of those environments. 

11 

|S Background Art 

l¥ Various networking protocols and environments are known in the art. One such environment 

1-8 is that known as a client-server environment. One example of a client-server environment is a 

I! plurality of client customer workstations coupled over the internet to an internet service provider 

fit (ISP) server. Another such environment is peer-to-peer networking. 

O hi order to work in a particular environment, a device (such as a client workstation) must be 

IS properly provisioned (with software applications, operating system environment, data, tables, keys, 

23 protocols, and the like), and must be properly configured (with settings, parameters, registry entries, 

24 and the like). For ease in explanation, the terms "configure" and "provision" will be used somewhat 

25 interchangeably. 

26 In the example of a customer who signs up for a new ISP account, the customer's workstation 

27 will typically need to be provisioned with a compatible operating system environment, 

28 communication software, security keys, and the like, and with information such as the local dialup 

29 number through which to connect to the ISP, the correct email address and POP server address that 

30 the ISP's system will be using for that customer, and perhaps the internet address or at least the fully 

3 1 qualified domain name of the ISP' s server. 
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1 It is known in the art that some of this may be done dynamically. For example, in many 

2 environments, the client workstation does not need to be provisioned with a static internet protocol 

3 (IP) address; rather, an IP address is obtained anew at connection time, e.g. via the well-known 

4 Dynamic Host Configuration Protocol (DHCP) service. 

5 However, much of the provisioning and configuration must presently be done manually by 

6 the user. The user must, one by one, call up various programs and tweak their settings. For example, 

7 the user must launch the email program and alter its "Properties" with the correct SMTP and POP 

8 settings. The user must also launch the web browser program and alter its "Properties" to configure 

9 the default homepage, the news group server address, the web browser proxy settings, security levels 

10 for running e.g. ActiveX controls, how to handle cookies, and so forth. 

1 1 It is also known in the art to provide registration information such as a personal identification 

12 number (PIN) to prevent unauthorized access to systems such as an ISP's servers. To prevent fraud, 
{3 such as attempted internet access by persons possessing a clone of an authorized workstation, the ISP 
li may provide a substantially unique PIN to each new authorized subscriber. Typically, this is done out 
if of band, such as via a printed letter sent to the new authorized subscriber through postal mail. 

j|J Many customers, and potential customers, lack the technical sophistication necessary to make 

19 significant manual configurations of complex software settings. Many customers may benefit from 

15 an improved provisioning mechanism which automates more of the provisioning and configuration. 

i* 

|g Brief Description of the Drawings 

If The invention will be understood more fully from the detailed description given below and 

22 from the accompanying drawings of embodiments of the invention which, however, should not be 

23 taken to limit the invention to the specific embodiments described, but are for explanation and 

24 understanding only. 

25 FIG. 1 illustrates an exemplary system in which the invention may be practiced. 

26 FIG. 2 illustrates an exemplary flowchart of one method of practicing the invention. 

27 

28 Detailed Description 

29 FIG. 1 shows a system 5 in which the invention may be practiced. The system includes a 

30 client device 1 0 coupled via network 1 5 to a server system 14. For purposes of illustration, the client 

31 will be discussed as being embodied as a web appliance, the network will be discussed as being 
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1 embodied as the internet, and the server system will be discussed as being embodied as an ISP. 

2 However, the skilled reader will readily appreciate that the invention is not limited to these specifics . 

3 The ISP server system 14 includes a provisioning server 1 6 which has access to a 

4 provisioning database 22 for provisioning the web appliance 1 0 when the web appliance connects to 

5 the ISP. The invention will be discussed in terms of provisioning the web appliance upon an initial 

6 connection by the web appliance to the ISP. However, the invention is not limited to such initial 

7 connection, and may be used - perhaps repeatedly - at subsequent connections, such as, for example, 

8 when the web appliance' s provisioning has become stale or out of date, as in the case where a new 

9 software package or a new configuration setting have been made available in the provisioning 

10 database. 

1 1 The ISP server system may further include a dynamic address server 1 8, such as a DHCP 

12 server, and/or a static address server 20, such as a DNS server. Alternatively, one or both of these 
m may be embodied outside the ISP ' s server environment and the web appliance may access them over 
l'ii the internet independently from its access of the ISP. 

Bp The web appliance includes a provisioning agent 1 1 and a set of provisioned software and 

liil settings 13. 

ff The web appliance may also have access to an out-of-band communication, such as data 

l® input by a user in response to a new customer authorization letter containing a PIN from the ISP. 
|^ FIG. 2 shows one embodiment of a method of practicing the invention in conjunction with 

the exemplary system shown in FIG. 1 . To begin (50) an initial connection by the web appliance to 
if the ISP, the appliance prompts (52) the user for the out-of-band authentication data provided by the 

22 ISP, which the user enters (54). This data may include, for example, a registration number, a PIN, 

23 and/or a dialup phone number. 

24 The appliance connects (56) to the internet and gets (58) an IP address from the DHCP 

25 server. The appliance determines (60) its fully qualified domain name (FQDN) and the ISP server's 

26 IP address, using conventional techniques or, optionally, using the techniques described in the 

27 co-pending application identified above. 

28 The appliance may send (62) a provisioning request to the ISP server, or, in some 

29 embodiments, the request may be implicit or assumed. 

30 The server authenticates (64) the appliance, such as by comparing data received from the 

3 1 appliance against a store of data concerning authorized client appliances. Such data may include 
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1 information originating from the appliance itself, such as a unique processor identification number or 

2 such as a unique identifier previously stored on the appliance at manufacturing or pre-provisioning 

3 time by the ISP or its supplier. Such data may alternatively or additionally include some or all of the 

4 out-of-band data sent by the ISP to the new customer. The authentication may, in one embodiment, 

5 be done in accordance with the co-pending application identified above. 

6 Once the appliance has (optionally) been authenticated, the server sends (66) a security secret 

7 to the appliance, such as a public key, session key, symmetric key, passcode, or the like. This secret 

8 will enable security between the server and the appliance in subsequent communications. 

9 The server downloads (68) the provisioning data to the appliance, optionally under security 

10 provided by the previously- transmitted secret. This provisioning data may include, for example, 

1 1 email address, POP server, homepage URL, registry entries, software applications, news server 

12 identity, proxy server settings, and so forth. In one embodiment, the provisioning data may be sent as 
<parameter,value> tuples, which the provisioning agent of the web appliance knows how to 

l£ interpret. The appliance receives (70) the provisioning data and updates its software, settings, 

i£* parameters, and so forth, accordingly. 

M By provisioning such data after the customer has obtained the appliance, rather than at 

17 manufacturing time, a more flexible and user-friendly environment is provided. If, on the other hand, 

M the full provisioning were done at manufacturing time by the manufacturer of the appliance - as is 

J# presently done in the art - the appliance would be customized for use in connecting to one specific, 

il predetermined ISP, and perhaps even to one particular server or geographic region of that ISP's 

ft network. Thus, the appliance manufacturer would have to incur the inconvenience and expense of 

22 maintaining many separate "builds" for its various ISP customers, with the inventory issues, multiple 

23 stock keeping unit (SKU) issues, distributor issues, and so forth. Similarly, if the ISP were to fully 

24 provision the appliance before identifying the specific customer, the ISP would incur similar 

25 inventory etc. expenses. By way of contrast, this invention enables a single-SKU generic build, 

26 usable by a large variety of customers of a large variety of ISPs using a large variety of different 

27 server environments. Customer-specific and ISP-specific configuration (custom configuration) and 

28 provisioning is completed only when the genetically pre-provisioned individual appliance unit is 

29 initially connected to the individual ISP server. 
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1 Once the appliance is folly configured, the user is fully able to use (72) the appliance. After 

2 the user disconnects (74), subsequent connections are more straight- forward, unless and until such 

3 time as the system re-invokes this invention to re-provision or update the appliance. 

4 The reader should appreciate that drawings showing methods, and the written descriptions 

5 thereof, should also be understood to illustrate machine-accessible media having recorded, encoded, 

6 or otherwise embodied therein instructions, functions, routines, control codes, firmware, software, or 

7 the like, which, when accessed, read, executed, loaded into, or otherwise utilized by a machine, will 

8 cause the machine to perform the illustrated methods. Such media may include, by way of illustration 

9 only and not limitation: magnetic, optical, magneto-optical, or other storage mechanisms, fixed or 

10 removable discs, drives, tapes, semiconductor memories, organic memories, CD-ROM, CD-R, 

1 1 CD-RW, DVD-ROM, DVD-R, DVD-RW, Zip, floppy, cassette, reel-to-reel, or the like. They may 

12 alternatively include down- the- wire, broadcast, or other delivery mechanisms such as Internet, local 
151 area network, wide area network, wireless, cellular, cable, laser, satellite, microwave, or other 

L* suitable carrier means, over which the instructions etc. may be delivered in the form of packets, 

serial data, parallel data, or other suitable format. The machine may include, by way of illustration 

III only and not limitation: microprocessor, embedded controller, PLA, PAL, FPGA, ASIC, computer, 

£7* smart card, networking equipment, or any other machine, apparatus, system, or the like which is 

f s{ adapted to perform functionality defined by such instructions or the like. Such drawings, written 

W descriptions, and corresponding claims may variously be understood as representing the instructions 

2§ etc. taken alone, the instructions etc. as organized in their particular packet/serial/parallel/etc. form, 

IT and/or the instructions etc. together with their storage or carrier media. The reader will further 

22 appreciate that such instructions etc. may be recorded or carried in compressed, encrypted, or 

23 otherwise encoded format without departing from the scope of this patent, even if the instructions 

24 etc. must be decrypted, decompressed, compiled, interpreted, or otherwise manipulated prior to their 

25 execution or other utilization by the machine. 

26 Reference in the specification to "an embodiment," "one embodiment," "some 

27 embodiments," or "other embodiments" means that a particular feature, structure, or characteristic 

28 described in connection with the embodiments is included in at least some embodiments, but not 

29 necessarily all embodiments, of the invention. The various appearances "an embodiment," "one 

30 embodiment," or "some embodiments" are not necessarily all referring to the same embodiments. 
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If the specification states a component, feature, structure, or characteristic "may", "might", or 
"could" be included, that particular component, feature, structure, or characteristic is not required to 
be included. If the specification or claim refers to "a" or "an" element, that does not mean there is 
only one of the element. If the specification or claims refer to "an additional" element, that does not 
preclude there being more than one of the additional element. 

Those skilled in the art having the benefit of this disclosure will appreciate that many other 
variations from the foregoing description and drawings may be made within the scope of the present 
invention. Indeed, the invention is not limited to the details described above. Rather, it is the 
following claims including any amendments thereto that define the scope of the invention. 
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